Fix clang undefined version error for ssh token

We use common libcryptsetup-token.sym version script that contain all symbols, but some of them are optional. As clang linker treats missing symbols as errors, the linker phase for ssh token fails as optional cryptsetup_token_buffer_free is not defined. (Most of distros has this option still disabled, though). As the sym file is also example for token authors, removing symbols there is not an option. For clang, we can use --undefined-version option, but it is not supported by other linkers, so it requires non-trivial checks for usable LDFLAGS (for both autoconf and meson). Instead, fix it by simply defining the symbol in ssh token, which duplicates the internal libcryptsetup functionality. Fixes: #830
mbroz · Aug 31, 2024 · beef8e3 · beef8e3
1 parent 63bb997
commit beef8e3
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 8 deletions.
diff --git a/tokens/libcryptsetup-token.sym b/tokens/libcryptsetup-token.sym
@@ -1,9 +1,13 @@
 CRYPTSETUP_TOKEN_1.0 {
-    global: cryptsetup_token_open;
-	    cryptsetup_token_open_pin;
-	    cryptsetup_token_buffer_free;
-	    cryptsetup_token_validate;
-	    cryptsetup_token_dump;
-	    cryptsetup_token_version;
-    local: *;
+	global:
+		/* Mandatory functions */
+		cryptsetup_token_open;
+		cryptsetup_token_version;
+
+		/* Optional functions */
+		cryptsetup_token_open_pin;
+		cryptsetup_token_buffer_free;
+		cryptsetup_token_validate;
+		cryptsetup_token_dump;
+	local: *;
 };
diff --git a/tokens/ssh/libcryptsetup-token-ssh.c b/tokens/ssh/libcryptsetup-token-ssh.c
@@ -39,13 +39,20 @@ int cryptsetup_token_open(struct crypt_device *cd, int token,
 	char **password, size_t *password_len, void *usrptr);
 void cryptsetup_token_dump(struct crypt_device *cd, const char *json);
 int cryptsetup_token_validate(struct crypt_device *cd, const char *json);
-
+void cryptsetup_token_buffer_free(void *buffer, size_t buffer_len);
 
 const char *cryptsetup_token_version(void)
 {
 	return TOKEN_VERSION_MAJOR "." TOKEN_VERSION_MINOR;
 }
 
+void cryptsetup_token_buffer_free(void *buffer, size_t buffer_len)
+{
+	/* libcryptsetup API call */
+	crypt_safe_memzero(buffer, buffer_len);
+	free(buffer);
+}
+
 static json_object *get_token_jobj(struct crypt_device *cd, int token)
 {
 	const char *json_slot;